By Jon Munshaw.
Microsoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's Patch Tuesday covers 123 vulnerabilities. Sixteen of the flaws Microsoft disclosed are considered critical. There are also 95 "important" vulnerabilities and six low- and moderate-severity vulnerabilities each.
Cisco Talos specifically disclosed CVE-2020-0901, a code execution vulnerability in Excel. This month’s security update also covers security issues in a variety of Microsoft services and software, including SharePoint, Media Foundation and the Chakra scripting engine.
Talos also released a new set of SNORTⓇ rules that provide coverage for some of these vulnerabilities. For more, check out the full Snort rule advisory here.
Critical vulnerabilities
Microsoft disclosed 15 critical vulnerabilities, five of which we will highlight below.
CVE-2020-1023, CVE-2020-1024, CVE-2020-1069 and CVE-2020-1102 are remote code execution vulnerabilities in Microsoft SharePoint. An adversary could exploit any of these vulnerabilities to gain the ability to execute arbitrary code on the victim machine or server, depending on the specific bug. For CVE-2020-1069, an attacker would need to upload a specially crafted packet to a SharePoint server to successfully exploit the bug. The remainder requires the user to open a specially crafted SharePoint file.
microsoft patch tuesday vulnerability disclosures snort coverage
